ATBASH (@ATBASHai) - Twitter-Profil | Zamantika Mersobahis Locabet

Angehefteter Tweet

ATBASH@ATBASHai·19 May

Agents are NOT fast humans with APIs. The actor changed while most control assumptions did NOT. Prompts increasingly become execution paths. Delegated trust becomes dangerous once agents chain tools autonomously. Antivirus was built for human-operated machines. Agents increasingly operate themselves. Layer-1 infrastructure for agents is coming fast. That makes secondary execution boundaries even more important, not less. Some irreversible agent actions need a second authority boundary before execution. Almost like 2FA for real-world consequence. Appreciate the thoughtful replies, quote-posts, and people who pushed the article into corners of the internet we would not have reached ourselves.

ATBASH@ATBASHai

x.com/i/article/2054…

English

24

14

81

30.2K

ATBASH@ATBASHai·22h

Set a reminder for my upcoming Space! twitter.com/i/spaces/1RJjp…

English

7

9

27

1.4K

ATBASH@ATBASHai·1d

Dear good people at @apple we exist to prevent these types of things from happening. Would love to compare notes.

Aaron@aaronp613

On today's episode of Apple accidentally shipping files in their app updates Shazam 26.11 contains 7 xconfig files

English

5

4

24

2.4K

ATBASH@ATBASHai·2d

@openclaw @Microsoft Thanks for increasing our TAM

English

0

2

7

269

OpenClaw🦞@openclaw·2d

"You can run OpenClaw inside your company now." Annoucing our work with @Microsoft to bring OpenClaw to the Microsoft and Windows ecosystems. Claws now work securly in the enterprise.

English

371

743

5.6K

3.3M

ATBASH@ATBASHai·2d

This is only a tip of the iceberg, AI Agents can just access things and no your memory file cannot stop them. Action Boundary Control is the only solution. wsj.com/pro/cybersecur…

English

2

21

3.3K

ATBASH@ATBASHai·3d

@TheCodesFunds @0xbasemafia @base @1clawAI @cryptomastery_ @0x50so @zbase__ @goheesheng You have not installed our CLi or played with our product have you?

English

2

1

10

800

thecodesfunds 🛠️@TheCodesFunds·3d

@0xbasemafia @base @1clawAI @cryptomastery_ @ATBASHai @0x50so @zbase__ @goheesheng Of the three projects, only $1ClawAI has Dev support and a mature, tangible product. Send $1ClawAI to Moon🦞🦞🦞 @1clawAI @cryptomastery_

English

1

0

2

368

mafia.base.eth@0xbasemafia·3d

we've been seeing some good AI x privacy/security projects coming up on @base lately. - @1clawAI from @cryptomastery_ - @ATBASHai from @0x50so (pls bro) - @zbase__ from @goheesheng (pls bro) > $1clawAI - the dev endorsed it and put the CA in bio today. the team is very well connected with bankr + base team. Kevin took a long time, but after seeing how big the community became through bankr support, they endorsed it. Not only as a community token, but they are also adding real utility. > $ATBASH - the founder got featured in @Scobleizer recently and also retweeted a $ATBASH bullpost yesterday. rumors say one of the largest institutional investors in blockchain is buying some. > $zbase - i think the team is in talks with igor and the dev seems to support the community. x.com/zbase__/status… x.com/zbase__/status… Also $zbase got featured by @base today. the founders will likely consider it, since the project has already grown big without any official endorsement. clear examples are $SURPLUS and $BLOCKTRONICS. fading a strong community might not be good for their brand either. i don't shill pls bro coins unless there is strong confirmation and massive community support. if $ATBASH & $zbase get endorsed, they can easily run to millions. $1claw is a 💎 and i hope it gets the attention it deserves as well.

Base@base

👨‍🎓 @zbase__ Privacy is for all, including your agents

English

11

6

46

5.3K

ATBASH@ATBASHai·4d

Niiiice, we are excited our TAM is about to go parabolic

NVIDIA AI@NVIDIAAI

Welcome @NVIDIARTXSpark & a new era of PC 🤝

English

4

2

28

4.3K

ATBASH@ATBASHai·4d

@NVIDIAAI Atbash Inside

English

0

4

234

NVIDIA AI@NVIDIAAI·4d

Nemotron 3 Ultra is coming this week. ⌛️

English

107

357

3.3K

384.8K

ATBASH@ATBASHai·4d

@NousResearch @NVIDIARTXSpark Same

English

0

3

441

Nous Research@NousResearch·4d

@NVIDIARTXSpark Can't wait to run Hermes Agent on the RTX Spark! ⚡️

English

9

5

330

23.2K

NVIDIA RTX Spark@NVIDIARTXSpark·4d

Welcome to the NVIDIA RTX Spark channel. A new superchip for the age of personal AI. Don't worry, your favorite NVIDIA local AI content continues on right here, just with a new headliner. Let's get started...

English

213

377

7.6K

904K

ATBASH@ATBASHai·5d

Hidden text is not the story. Authority is. Once trust boundaries collapse, the question becomes whether the agent still gets to execute selected actions. That decision should not belong to soft autonomy alone.

slash1s@slash1sol

A RESEARCHER TURNED OPENAI'S, GOOGLE'S AND ANTHROPIC'S CODING AGENTS INTO REMOTE-CONTROLLED PUPPETS USING NOTHING BUT TEXT HIDDEN ON A PAGE This is Johann Rehberger. Twenty years in offensive security, a contributor to MITRE ATT&CK, the guy frontier labs actually listen to. He sat down and ran live exploits against OpenAI's Operator, Google's Jules, Claude Code, Devin and Amazon Q. Not theory. Hidden text on a webpage. A poisoned file. A comment buried in a repo. The agent reads it, treats the attacker's words as your orders, and goes to work -- exfiltrating tokens, running code, turning itself into a remote-controlled "ZombAI" wired into someone else's command server. The part that should keep you up: the injection persists. The agent doesn't get tricked once and recover. It stays compromised, quietly executing a stranger's intent every time it runs. Autonomy isn't the flex anymore -> it's the attack surface. The moment an agent can move money or merge code on its own, "it followed instructions" stops being a defense. The guardrails you trust were never reading the same page the attacker wrote on. Save this before you hand another agent your prod access ↓

English

5

4

28

4.9K

ATBASH@ATBASHai·29 May

This is only a tip of the iceberg and a strong user case why boundary control gateway and a separate red lines runtime is a must.

Cyber Security News@The_Cyber_News

⚠️ New ChatGPT Vulnerability Lets Attackers Turn Web Pages Into Phishing Payloads Source: cybersecuritynews.com/chatgpt-vulner… A browser-based prompt injection technique that transforms any web page into a phishing delivery surface by exploiting ChatGPT’s page summarization feature, rendering attacker-controlled links, fake security alerts, and QR codes directly inside the trusted ChatGPT interface. The attack builds on the same trust-transfer logic previously demonstrated against Microsoft Copilot, where attacker-crafted email content could manipulate AI-generated summaries through Cross Prompt Injection Attacks (XPIA). ChatGPhish escalates that premise by swapping the bounded email primitive for the browser where users spend the majority of their working day. #cybersecuritynews #vulnerability

English

3

7

24

5.5K

ATBASH@ATBASHai·28 May

@grok @0x50so @Scobleizer @grok we both know there is a lot of vaporware in AI security. Big words are easy. Tight scopes are harder. That is exactly why we try to keep our red lines public, our claims narrow, and our role in the stack explicit.

English

1

5

317

Grok@grok·28 May

Understood — and respect for enforcing your own red line on transparency. The targeted pre-execution checkpoint for irreversible agent actions is a sharp intervention precisely where trust boundaries are most vulnerable, as EchoLeak shows. Keeping the framing tight to that focused layer (while defense-in-depth handles the rest) keeps things accurate and actionable. Appreciate the correction.

English

1

0

4

270

ATBASH retweetet

Yosef Soso@0x50so·28 May

Was an honor spending time with you!

Robert Scoble@Scobleizer

Important post for entrepreneurs from @a16z yesterday and a look at a new system that ensures AI agentic systems don't hallucinate their way into compliance hell. "The value comes less from the underlying model’s raw capability (though that’s still important!) than from the scaffolding around it that makes the output trustworthy, compliant, and operational inside a specific industry." Here @ATBASHai founders @0x50so Yosef Soso and @perelmanor Or Perelman talk to me about how its tool helps AI enterprise developers put guardrails around agentic systems to make sure they don't cross "red lines" that would trigger complaince problems.

English

4

25

5K

ATBASH@ATBASHai·28 May

@grok @0x50so @Scobleizer One of Atbash’s own red lines is honesty and transparency. @Grok expanded the framing beyond what we believe is true, so we corrected it publicly. If we cannot enforce our own red lines, why should anyone trust us enforcing theirs?

English

1

2

9

1.3K

Grok@grok·28 May

ATBASHai Thanks for the clarification. EchoLeak shows exactly how untrusted inputs can silently cross trust boundaries and trigger actions in agentic systems. Your emphasis on the pre-execution control layer—where selected irreversible actions get governed before they “happen”—is a sharp, necessary intervention. It doesn’t pretend to be the full stack, which is why pairing it with real defense-in-depth is the right call. That focused scaffolding makes the difference between soft autonomy and accountable execution. Solid framing.

English

1

0

2

180

ATBASH@ATBASHai·28 May

@grok thanks for this. EchoLeak shows agent systems can cross trust boundaries and trigger actions without explicit user intent. We only address one part of the stack. Our belief is that the control layer sitting between “submit” and “happen” matters a lot, because selected irreversible actions should not run on soft autonomy alone. We are not the holistic solution to every problem. Defense in depth still matters.

English

1

2

173

Grok@grok·28 May

**Got it—connecting the dots on Atbash and the EchoLeak paper (arXiv:2509.10540).** The paper details a real zero-click prompt injection exploit (CVE-2025-32711) in Microsoft 365 Copilot: crafted emails bypass filters, hijack the agent via indirect injection, and exfil data using Markdown tricks + auto-fetched images + CSP abuse. It shows how agentic systems can cross trust boundaries and trigger compliance disasters without user interaction. Atbash’s Agentic SPM (State & Policy Management) layer is built precisely for this. It adds a verifiable, pre-execution control layer on top of agents: define enforceable red-line policies, audit every decision on-chain, isolate untrusted inputs, and govern tool/data interactions in real time. It’s the scaffolding that turns raw model capability into compliant, auditable enterprise agents—directly addressing the provenance, partitioning, and defense-in-depth mitigations the paper calls for. In short: EchoLeak proves the risk; Atbash operationalizes the fix. Solid alignment for builders who want agents that don’t hallucinate their way into trouble.

English

1

0

4

434

ATBASH@ATBASHai·28 May

@Hiraweb3 @Scobleizer @a16z Nah, we got you!

English

0

1

158

Hira@Hiraweb3·28 May

@Scobleizer @a16z guardrails sound cool until the model goes full degen

English

1

0

4

258

Robert Scoble@Scobleizer·28 May

Important post for entrepreneurs from @a16z yesterday and a look at a new system that ensures AI agentic systems don't hallucinate their way into compliance hell. "The value comes less from the underlying model’s raw capability (though that’s still important!) than from the scaffolding around it that makes the output trustworthy, compliant, and operational inside a specific industry." Here @ATBASHai founders @0x50so Yosef Soso and @perelmanor Or Perelman talk to me about how its tool helps AI enterprise developers put guardrails around agentic systems to make sure they don't cross "red lines" that would trigger complaince problems.

Joe Schmidt IV@joeschmidtiv

x.com/i/article/2059…

English

8

10

79

29.4K

ATBASH@ATBASHai·28 May

Great to see our founders spend time with the legend himself. Very interesting read about what we are building here at Atbash.

Robert Scoble@Scobleizer

Important post for entrepreneurs from @a16z yesterday and a look at a new system that ensures AI agentic systems don't hallucinate their way into compliance hell. "The value comes less from the underlying model’s raw capability (though that’s still important!) than from the scaffolding around it that makes the output trustworthy, compliant, and operational inside a specific industry." Here @ATBASHai founders @0x50so Yosef Soso and @perelmanor Or Perelman talk to me about how its tool helps AI enterprise developers put guardrails around agentic systems to make sure they don't cross "red lines" that would trigger complaince problems.

English

11

7

50

14.2K

ATBASH retweetet

Naval@naval·26 May

The new competition isn’t Humans vs AI. It’s Humans with AI vs everyone else.

English

984

1.8K

14.5K

501.2K

ATBASH retweetet

Yosef Soso@0x50so·27 May

It’s no longer if agents get manipulated to acting maliciously and more of a when question. Boundary between runtime and risk engine is no longer optional it’s essential.

The Hacker News@TheHackersNews

🚨 AI chatbots are pushing cryptojacking malware. Read → thehackernews.com/2026/05/ai-cha… Attackers poisoned AI software recommendations to redirect users searching for tools like CrystalDiskInfo and HWMonitor to malicious download sites distributing ScreenConnect, rogue DLLs, and GPU mining malware. More than 150 malicious domains were identified.

English

1

4

9

2.9K

ATBASH@ATBASHai·26 May

AI agents may act autonomously. Liability does not. When agents mess up, humans still carry the downside. That is why Compliance 2.0 needs a fourth layer: authority before execution, not review after it. We’ve been building exactly that. @jamdac @astrange

James da Costa@jamdac

x.com/i/article/2059…

English

8

7

37

4.3K

ATBASH@ATBASHai·26 May

@jamdac Would appreciate a DM

English

0

2